Sometimes you get challenges provided with a Dockerfile
. In most cases, it's best to use it, as you can be sure it acts the same locally and remotely.
Unfortunately, that can be rough. There are a few steps. In essence, we want to use gdbserver
to set up a debug session, then connect to gdbserver
from our host to leverage the full power of whatever we want to debug with. These steps work for debugging a binary hosted via socat
.
Add:
Run:
Connect:
OR
Add some installs to the Dockerfile:
If the Dockerfile is an alpine image, instead use
gdbserver
is automatically installed as part of the package.
Add the
flags to the docker run ...
command in build_docker.sh
.
-p 9090:9090
binds the internal port 9090
to the external port 9090
, so we can connect to localhost:9090
for the gdbserver
--cap-add=SYS_PTRACE
gives the container the capability to ptrace
a process, which we need for debugging. The alternative is to run it in --privileged
mode, which is far more unsafe
Get a shell with docker exec
:
Note that to get a binary started with socat
, we have to connect to the service first in order to start a process. So, outside the container, connect with nc
:
Don't end the process. Switch back to the Docker root
shell:
Grab the PID of the subprocess, in this case 22
.
Now start a gdbserver
:
You can combine this into one command:
gdbserver :9090 --attach $(pidof challenge)
And on your host you can now connect to it with radare2 or GDB:
And boom.
Note the issue is that you have to restart gdbserver every time you connect again. Don't forget! Maybe there's a better way, but I don't know.
Did try and replace the shell commands with a single docker exec
, but the $()
is resolved before it is piped to the Docker:
But when connecting via shell and running, it worked:
If anybody finds a fix, please let me know!